1104 struct malloc_chunk {
1105
1106 INTERNAL_SIZE_T prev_size; /* Size of previous chunk (if free). */
1107 INTERNAL_SIZE_T size; /* Size in bytes, including overhead. */
1108
1109 struct malloc_chunk* fd; /* double links -- used only if free. */
1110 struct malloc_chunk* bk;
1111
1112 /* Only used for large blocks: pointer to next larger size. */
1113 struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */
1114 struct malloc_chunk* bk_nextsize;
1115 };
1116
1117
1118 /*
1119 malloc_chunk details:
1120
1121 (The following includes lightly edited explanations by Colin Plumb.)
1122
1123 Chunks of memory are maintained using a `boundary tag' method as
1124 described in e.g., Knuth or Standish. (See the paper by Paul
1125 Wilson ftp://ftp.cs.utexas.edu/pub/garbage/allocsrv.ps for a
1126 survey of such techniques.) Sizes of free chunks are stored both
1127 in the front of each chunk and at the end. This makes
1128 consolidating fragmented chunks into bigger chunks very fast. The
1129 size fields also hold bits representing whether chunks are free or
1130 in use.
1131
1132 An allocated chunk looks like this:
1133
1134
1135 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1136 | Size of previous chunk, if allocated | |
1137 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1138 | Size of chunk, in bytes |M|P|
1139 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1140 | User data starts here... .
1141 . .
1142 . (malloc_usable_size() bytes) .
1143 . |
1144 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1145 | Size of chunk |
1146 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1147
1148
1149 Where "chunk" is the front of the chunk for the purpose of most of
1150 the malloc code, but "mem" is the pointer that is returned to the
1151 user. "Nextchunk" is the beginning of the next contiguous chunk.
1152
1153 Chunks always begin on even word boundaries, so the mem portion
1154 (which is returned to the user) is also on an even word boundary, and
1155 thus at least double-word aligned.
1156
1157 Free chunks are stored in circular doubly-linked lists, and look like this:
1158
1159 chunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1160 | Size of previous chunk |
1161 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1162 `head:' | Size of chunk, in bytes |P|
1163 mem-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1164 | Forward pointer to next chunk in list |
1165 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1166 | Back pointer to previous chunk in list |
1167 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1168 | Unused space (may be 0 bytes long) .
1169 . .
1170 . |
1171 nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1172 `foot:' | Size of chunk, in bytes |
1173 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1174
1175 The P (PREV_INUSE) bit, stored in the unused low-order bit of the
1176 chunk size (which is always a multiple of two words), is an in-use
1177 bit for the *previous* chunk. If that bit is *clear*, then the
1178 word before the current chunk size contains the previous chunk
1179 size, and can be used to find the front of the previous chunk.
1180 The very first chunk allocated always has this bit set,
1181 preventing access to non-existent (or non-owned) memory. If
1182 prev_inuse is set for any given chunk, then you CANNOT determine
1183 the size of the previous chunk, and might even get a memory
1184 addressing fault when trying to do so.
1185
1186 Note that the `foot' of the current chunk is actually represented
1187 as the prev_size of the NEXT chunk. This makes it easier to
1188 deal with alignments etc but can be very confusing when trying
1189 to extend or adapt this code.
1190
1191 The two exceptions to all this are
1192
1193 1. The special chunk `top' doesn't bother using the
1194 trailing size field since there is no next contiguous chunk
1195 that would have to index off it. After initialization, `top'
1196 is forced to always exist. If it would become less than
1197 MINSIZE bytes long, it is replenished.
1198
1199 2. Chunks allocated via mmap, which have the second-lowest-order
1200 bit M (IS_MMAPPED) set in their size fields. Because they are
1201 allocated one-by-one, each must contain its own trailing size field.
1202
1203 */